Widely used app infected with malware, targeting select groups and collecting sensitive data.
Researchers at Kaspersky have identified a monthlong supply-chain attack affecting Daemon Tools, a popular app for mounting disk images. The compromise, which began on April 8, saw installers signed by the developer’s official digital certificate push malicious updates to users. These infected versions of Daemon Too…
The malware’s reach is extensive, with thousands of machines in over 100 countries targeted during this period. However, the attack’s sophistication suggests a specific goal: targeting select groups. About a dozen organizations, across various industries, received follow-on payloads – including what Kaspersky descri…
These supply-chain attacks are notoriously difficult to defend against because they exploit trust in official channels. Users are infected simply by installing digitally signed updates available through legitimate means. This incident is not an isolated case; previous examples include the CCleaner Windows utility po…
The Daemon Tools backdoor’s complexity and the attackers’ use of official channels to distribute malware highlight the need for organizations to remain vigilant. Kaspersky urges these groups to examine machines that have Daemon Tools installed for any unusual security-related activity occurring after Apri…
What matters
- Infected installers were signed with the developer’s official digital certificate and downloaded from the developer’s website.
- Malware collected MAC addresses, hostnames, DNS domain names, running processes, installed software, and system locales.
- About a dozen organizations targeted with follow-on payload, including retail, scientific, government, and manufactur…
This GenAI News article was prepared in original wording using reporting and materials published by Ars Technica. Source reference: https://arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/.
Drafted by the GenAI News review pipeline.
